SSL certificates: Validation and phone verification


    An important step in the validation of SSL Certificate orders is the phone call required for all OV and EV certificates by Certificate Authorities (CAs) to your customers. This applies in particular to the following CAs and their brands:

    • DigiCert: Symantec, GeoTrust, Thawte, RapidSSL
    • Sectigo (formerly Comodo): PositiveSSL, InstantSSL

    With the growing number of people having to work from home due to recent events, this could cause delays if certificate requestors are not reachable. We as well as the CAs are well prepared to handle your customers’ orders, and do not expect any delays in any other authentication steps. However, the phone verification carried out by CAs must be completed per the industry’s requirements for issuing certificates.

    To continue to provide the fastest validation possible and to ensure that the CAs can issue your needed certificates as quickly as possible it is necessary that CAs can still contact you for validation steps when needed. Thus you should:

    • Monitor important phone line
    • Forward important telephone numbers
    • Ensure access to voicemail and email messages
    • This specifically affects contact data used to order a certificate: Telephone numbers and email addresses.

    CAs may use these methods to connect with your clients or provide confirmation codes for verification.
    Before CAs can issue a certificate, industry standards require us to contact someone who represents the organisation to confirm a certificate requestor’s authority to order a certificate for the organisation.